blob: 996ff7ca141a446fd44e3d2c5e93651303e39a14 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Fail2Ban%20vs%20Blockhosts%20vs%20DenyHosts%20vs%20iptable%0A%20throttle%20for%20SSH&In-Reply-To=%3C51236C79.1060003%40colin.guthr.ie%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="022971.html">
<LINK REL="Next" HREF="022973.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH</H1>
<B>Colin Guthrie</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Fail2Ban%20vs%20Blockhosts%20vs%20DenyHosts%20vs%20iptable%0A%20throttle%20for%20SSH&In-Reply-To=%3C51236C79.1060003%40colin.guthr.ie%3E"
TITLE="[Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH">mageia at colin.guthr.ie
</A><BR>
<I>Tue Feb 19 13:13:45 CET 2013</I>
<P><UL>
<LI>Previous message: <A HREF="022971.html">[Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH
</A></li>
<LI>Next message: <A HREF="022973.html">[Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#22972">[ date ]</a>
<a href="thread.html#22972">[ thread ]</a>
<a href="subject.html#22972">[ subject ]</a>
<a href="author.html#22972">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>'Twas brillig, and Robert Fox at 19/02/13 11:45 did gyre and gimble:
><i> On Tue, 2013-02-19 at 12:35 +0100, Guillaume Rousse wrote:
</I>>><i> Le 19/02/2013 12:20, <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">finid at linuxbsdos.com</A> a écrit :
</I>>>><i> If that's how you feel about having a program like DenyHosts running by
</I>>>><i> default, do you feel the same way about having a firewall running and
</I>>>><i> configured out of the box.
</I>>>><i>
</I>>>><i> Is a firewall a sysadmin's or packager's choice?
</I>>><i> A sysadmin choice. Pushing always more stuff 'by default' doesn't help
</I>>><i> users to make educated choices.
</I>><i>
</I>><i> On one hand I agree, on the other hand - we want a distribution which
</I>><i> simply works and common choices are made (like which firewall) from the
</I>><i> distro side - a good enough Sysadmin can then change to his/her liking
</I>><i> afterwards. This is more or less a distro "philosophy" question, but
</I>><i> look why "Mint" has become so popular - because many choices are made
</I>><i> upfront for the user - yet the flexibility is in the system (and enough
</I>><i> packages) for an advanced user to change them!
</I>><i>
</I>><i> As long as the default settings are documented upfront - I see no issue
</I>><i> in making such a decision on behalf of the "average" user - and making a
</I>><i> more security robust distribution.
</I>
Yup, I agree with this.
I'm know my way around sufficiently that I can happily change the stuff
I don't like.
I think we do have to pick reasonably sensible defaults. Ultimately
that's what msec does too - defines sensible defaults for the security
level picked.
So overall I'd welcome a default setup that allows things to be more
secure/robust by default (obviously balanced against user experience -
e.g. a *very* secure setup would be to ban all traffic in or out... but
that's not a nice user experience :D).
Col
--
Colin Guthrie
colin(at)mageia.org
<A HREF="http://colin.guthr.ie/">http://colin.guthr.ie/</A>
Day Job:
Tribalogic Limited <A HREF="http://www.tribalogic.net/">http://www.tribalogic.net/</A>
Open Source:
Mageia Contributor <A HREF="http://www.mageia.org/">http://www.mageia.org/</A>
PulseAudio Hacker <A HREF="http://www.pulseaudio.org/">http://www.pulseaudio.org/</A>
Trac Hacker <A HREF="http://trac.edgewall.org/">http://trac.edgewall.org/</A>
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="022971.html">[Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH
</A></li>
<LI>Next message: <A HREF="022973.html">[Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#22972">[ date ]</a>
<a href="thread.html#22972">[ thread ]</a>
<a href="subject.html#22972">[ subject ]</a>
<a href="author.html#22972">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
|
